After replacing a certificate in SSPI, SSPI install/upgrade failed with error: KubeadmControlPlane is invalid: Too long: may not be more than 10240 bytes
search cancel

After replacing a certificate in SSPI, SSPI install/upgrade failed with error: KubeadmControlPlane is invalid: Too long: may not be more than 10240 bytes

book

Article ID: 418636

calendar_today

Updated On:

Products

VMware vDefend Firewall VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

SSPI install/upgrade failed could failed if the new SSPI certificate is too large

Environment

SSPI  install/upgrade

Cause

After updating the sspi certificate, SSPI install/upgrade uses the the prekubeadmcommand field in kubeadmcontrolplane/kubeadmconfigtemplate to replace the certificate. While the new certificate is embedded in the prekubeadmcommand,  the command has a max size of 10k bytes. Consequently, for a large/chained certificate, we could exceed prekubeadmcommand max limit.

Resolution

 please contact Broadcom support to fix the issue 

Powered by Wolken Software